General
-
Target
S O A.exe
-
Size
64KB
-
Sample
230206-r5k4pshf9x
-
MD5
5474514215626470f8f975733dfa047d
-
SHA1
67b720c696a67809615bdad3d50622ccdad5112a
-
SHA256
5b5e5677403e5bdf2e8c799503989de3b5a287f278ab7a52ed316ceb1a311515
-
SHA512
6f6cdc2d9460ebeb1db3994b87bdd85fdd576c092d28937dc43ba909170624e69e23d0f8f68586826ff48c5e28b0900c2162904c182eca1bc3421a224579f180
-
SSDEEP
768:M0OKd9jjbjKikYiXGB47k5gLY40LO6dusn04eF:5Ou9jjbjKzXGBCk2Y40ymuL3F
Static task
static1
Behavioral task
behavioral1
Sample
S O A.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
S O A.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.elec-qatar.com
Port: 587
Username: [email protected]
Password: MHabrar2019@#
Email To: [email protected]
Targets
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-